Re: FORWARDING and NAT chains

On Friday 30 January 2004 12:23 pm, John A. Sullivan III wrote:

> On Fri, 2004-01-30 at 05:25, Antony Stone wrote:
> >
> > Place the destination address in the nat rule, eg:
> >
> > iptables -A PREROUTING -t nat -d ! my.ip.add.ress -j DNAT --to a.b.c.d
> >
> > This means "destination nat all packets which are not addressed to
> > my.ip.add.ress and send them to a.b.c.d".
>
> This is true but she went on to state in a later e-mail that she has
> many interfaces and needs to exclude two.  That's a gnarly problem I've
> run into many times with the limitation of only being able to specify a
> single address/subnet (or a contiguous range with iprange) in
> destination and source.
>
> I suggested using a RETURN target to bypass processing for the two
> excluded interfaces although I was surprised to not find RETURN in my
> man page. I hope I wasn't having a premature senior moment when I
> recalled the RETURN target! Thanks - John

Oh, okay - try using ACCEPT in the nat table to stop packets continuing to
later rules.

RETURN is only valid for user-defined chains (I think).

Regards,

Antony.

-- 
Behind the counter a boy with a shaven head stared vacantly into space,
a dozen spikes of microsoft protruding from the socket behind his ear.

 - William Gibson, Neuromancer (1984)

                                                     Please reply to the list;
                                                           please don't CC me.
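
Added example, not part of the original message: the ACCEPT approach suggested above, written as a POSIX shell function that prints an iptables-restore ruleset with one ACCEPT rule per excluded address ahead of the catch-all DNAT rule. The function names and all addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All addresses are constructed
# documentation addresses; is_ipv4 and gen_nat_exclude are hypothetical names.

# Succeed only for a dotted quad whose four octets are each 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; only digits and dots remain here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# usage: gen_nat_exclude DNAT_TARGET EXCLUDED_ADDR...
# Prints an iptables-restore ruleset for the nat table on stdout.
gen_nat_exclude() {
    [ $# -ge 1 ] || { echo "usage: gen_nat_exclude TARGET [ADDR...]" >&2; return 1; }
    for a in "$@"; do
        # Validate everything before printing, so a typo never yields a
        # partial ruleset that DNATs traffic meant to be excluded.
        is_ipv4 "$a" || { echo "invalid IPv4 address: $a" >&2; return 1; }
    done
    target=$1; shift
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    for a in "$@"; do
        # ACCEPT ends nat-table traversal for the packet: no DNAT is applied.
        echo "-A PREROUTING -d $a -j ACCEPT"
    done
    # Reached only by packets that matched none of the exclusions above.
    echo "-A PREROUTING -j DNAT --to-destination $target"
    echo 'COMMIT'
}

# Demo: exclude two local addresses, DNAT everything else to 192.0.2.10.
gen_nat_exclude 192.0.2.10 198.51.100.1 203.0.113.1
```

Review the output before loading it. Piped to `iptables-restore --noflush` the rules are appended to the existing nat table; without that flag the table's current contents are replaced.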


